'Pharming' Is Latest Internet Security Threat

June 20, 2005--"Pharming" has overtaken "phishing" as the most dangerous Internet scam tactic, according to the latest Internet Security Intelligence Briefing published on Tuesday by VeriSign, an Internet and telecommunications security firm.

The report, which covers Internet usage, e-commerce and fraud trends in the first quarter of 2005, noted that on March 16, 2005, there was a 300% surge in probes of Domain Name System servers, which coincided with Internet users being redirected to a site distributing spyware and adware.

"Pharming" is a tactic whereby a scam artist hacks into a DNS server to make it recognize messages from an intruder as "trusted." This enables the scam artist to redirect users on an official site to a false site without the user's browser recognizing the difference. Users who enter financial information into these false sites may have these details stolen.

Better known is the practice of "phishing," in which scam artists send out e-mails asking for personal financial information and claiming to be from established organizations. Users who follow the links in the e-mail are directed to fake websites designed to look like the original but which serve to steal the user's information.

"Phishing" is "more personalized and takes place on an individual basis," said a Verisign spokesman, while "pharming" plays out on a larger scale, because "it is accomplished by poisoning an entire DNS cache," he said.

To prevent such scams, the report recommended a few measures. For example, businesses should have written agreements with the service providers to ensure that no one else can access and change their accounts, or can guard electronic forms through a process called Secure Socket Layers, that tags a webpage with a security certificate.

As even these techniques may be evaded by skilful scam artists, the report said that software vendors should adopt the DNS Security specification or the Secure Internet Letterhead, the latest standards to guarantee the authenticity of a website.

The report also noted that 84.9% of attempted fraudulent transactions worldwide in the first quarter of 2005 originated from computers in the US, followed by 5.1% from Canada and 1.1% from Great Britain. In addition, from tracking some 135,000 online merchant customers, the report estimated the average e-commerce transaction to have increased by 4%, from $144 in Q4 2004 to $150 in Q1 2005, and the number of e-commerce transactions to have grown by 31%.